1 The Process

Verification & Validation

• Verification:

  • “Are we building the product right”
  • The software should conform to its (most recent) specification

• Validation:

  • “Are we building the right product”
  • The software should do what the user really requires

• Testing is the act of executing a program with selected data to uncover bugs.

  • As opposed to debugging, which is the process of finding the faulty code responsible for failed tests.

• Testing is the most common, but not the only form of V&V

• Fault: A defect in the source code.

• Failure: An incorrect behavior or result.

• Error: A mistake by the programmer, designer, etc., that led to the the fault.

2 Non-Testing V&V

Static Verification

Verifying the conformance of a software system and its specification without executing the code

• Involves analyses of source text by humans or software

• Can be carried out on ANY documents produced as part of the software process

• Discovers errors early in the software process

• Usually more cost-effective than testing for defect detection at the unit and module level

• Allows defect detection to be combined with other quality checks

It has been claimed that

• More than 60% of program errors can be detected by informal program inspections

• More than 90% of program errors may be detectable using more rigorous mathematical program verification

• The error detection process is not confused by the %existence of previous errors

2.1 Code Review

Inspecting the code in an effort to detect errors

• Desk Checking

• Inspection

2.1.1 Desk Checking

• An exercise conducted by the individual programmer.

• “Playing computer” with the aid of a listing.

  • Values of variables are tracked using pencil and paper as the programmer moves step-by-step through the code.

• Can be done with pseudocode, diagrams, etc. even before code has been written

• A precise specification must be available.

• Team members must be familiar with the organization standards.

• Syntactically correct code must be available.

• An error checklist should be prepared.

• Management must accept that inspection will increase costs early in the software process.

• Management must not use inspections for staff appraisal.

1. System overview presented to inspection team

• Code and associated documents are distributed to inspection team in advance

• Inspection takes place and discovered errors are noted

• After inspection meeting,

  • Modifications are made to repair discovered errors
  • Re-inspection may or may not be required

• Made up of at least 4 members
  • Author of the code being inspected
  • Reader who reads the code to the team
  • Moderator who chairs the meeting and notes discovered errors
    • Sometimes a separate “secretary” / “scribe” is used
  • Inspector(s) who finds errors, omissions and inconsistencies

• 500 statements/hour during overview
• 125 source statement/hour during individual preparation
• 90-125 statements/hour can be inspected
• Inspection is therefore an expensive process
• Inspecting 500 lines costs about 40 man/hours effort (\( \geq \$8 \) per line)

• Checklist of common errors should be used to drive the inspection

• Error checklist is programming language dependent

• The “weaker” the type checking, the larger the checklist

• Examples: Initialization, Constant naming, loop termination, array bounds, etc.

What kinds of faults would appear in a checklist?

What kinds of faults would appear in a checklist?

• Data Faults

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?
  • If dynamic storage is used, has space been allocated correctly?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?
  • If dynamic storage is used, has space been allocated correctly?
  • Is space explicitly deallocated after it is no longer required?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?
  • If dynamic storage is used, has space been allocated correctly?
  • Is space explicitly deallocated after it is no longer required?
  • Are all pointer data members deallocated in the destructor?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?
  • If dynamic storage is used, has space been allocated correctly?
  • Is space explicitly deallocated after it is no longer required?
  • Are all pointer data members deallocated in the destructor?

• Exception Mgmt Faults

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?
  • If dynamic storage is used, has space been allocated correctly?
  • Is space explicitly deallocated after it is no longer required?
  • Are all pointer data members deallocated in the destructor?

• Exception Mgmt Faults

  • Have all possible error conditions been taken into account?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?
  • If dynamic storage is used, has space been allocated correctly?
  • Is space explicitly deallocated after it is no longer required?
  • Are all pointer data members deallocated in the destructor?

• Exception Mgmt Faults

  • Have all possible error conditions been taken into account?

• Stylistic/standards Faults

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?
  • If dynamic storage is used, has space been allocated correctly?
  • Is space explicitly deallocated after it is no longer required?
  • Are all pointer data members deallocated in the destructor?

• Exception Mgmt Faults

  • Have all possible error conditions been taken into account?

• Stylistic/standards Faults

  • Are names understandable?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?
  • If dynamic storage is used, has space been allocated correctly?
  • Is space explicitly deallocated after it is no longer required?
  • Are all pointer data members deallocated in the destructor?

• Exception Mgmt Faults

  • Have all possible error conditions been taken into account?

• Stylistic/standards Faults

  • Are names understandable?
  • Does code conform to standards for commenting?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?
  • If dynamic storage is used, has space been allocated correctly?
  • Is space explicitly deallocated after it is no longer required?
  • Are all pointer data members deallocated in the destructor?

• Exception Mgmt Faults

  • Have all possible error conditions been taken into account?

• Stylistic/standards Faults

  • Are names understandable?
  • Does code conform to standards for commenting?
  • Does code provide capturable outputs for testing?

What kinds of faults would appear in a checklist?

• Data Faults

  • Are all variables initialized before use?
  • Have all constants been named?
  • Should array lower bounds be 0, 1, or something else?
  • Should array upper bounds be size of the array or size$-1$?
  • If character strings are used, is a delimited explicitly.
  • Are all data members initialized in every constructor?
  • Is C++’s “Rule of the Big 3” satisfied?

• Control Faults

  • For each conditional statement, is the condition correct?
  • Is each loop certain to terminate?
  • Are compound statements correctly bracketed?
  • In case statements, are all possible cases accounted for?

• I/O Faults

  • Are all input variables used?
  • Are all output variables assigned before being output?

• Interface faults

  • Do all function/procedure calls have the correct number of parameters?
  • Do the formal and actual parameter types match?
  • Are the parameters in the right order?
  • If components access shared memory, do they have the same model of the shared memory structure?

• Storage Mgmt Faults

  • If a linked structure is modified, have all links been correctly assigned?
  • If dynamic storage is used, has space been allocated correctly?
  • Is space explicitly deallocated after it is no longer required?
  • Are all pointer data members deallocated in the destructor?

• Exception Mgmt Faults

  • Have all possible error conditions been taken into account?

• Stylistic/standards Faults

  • Are names understandable?
  • Does code conform to standards for commenting?
  • Does code provide capturable outputs for testing?
  • Does code take advantage of possible re-use?

2.2 Mathematically-based verification

• Verification is based on mathematical arguments which demonstrate that a program is consistent with its specification

• Programming language semantics must be formally defined

• The program must be formally specified

• Rigorous mathematical proofs that a program meets its specification are long and difficult to produce

• Some programs cannot be proved because they use constructs such as interrupts.

  • These may be necessary for real-time performance

• The cost of developing a program proof is so high that it is not practical to use this technique in the vast majority of software projects

• Less formal, mathematical arguments can increase confidence in a program’s conformance to its specification

• Must demonstrate that a program conforms to its specification

• Must demonstrate that a program will terminate

• Simplified models on which properties can be proved

  • FSA
  • Markov Chains

• Focus on properties short of correctness

  • e.g., avoiding race conditions

• Machine-Assisted

2.3 Static analysis tools

• Software tools for source text processing

• Try to discover potentially erroneous conditions in a program and bring these to the attention of the V & V team

• Very effective as an aid to inspections. A supplement to but not a replacement for inspections

What kinds of faults can be detected by static analysis?

What kinds of faults can be detected by static analysis?

• Data faults

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

  • Unreachable code

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

  • Unreachable code
  • Unconditional branches into loops

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

  • Unreachable code
  • Unconditional branches into loops

• Interface faults

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

  • Unreachable code
  • Unconditional branches into loops

• Interface faults

  • Parameter type mismatches

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

  • Unreachable code
  • Unconditional branches into loops

• Interface faults

  • Parameter type mismatches
  • Parameter number mismatches

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

  • Unreachable code
  • Unconditional branches into loops

• Interface faults

  • Parameter type mismatches
  • Parameter number mismatches
  • Function return values unused

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

  • Unreachable code
  • Unconditional branches into loops

• Interface faults

  • Parameter type mismatches
  • Parameter number mismatches
  • Function return values unused
  • Uncalled functions and procedures

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

  • Unreachable code
  • Unconditional branches into loops

• Interface faults

  • Parameter type mismatches
  • Parameter number mismatches
  • Function return values unused
  • Uncalled functions and procedures

• Storage mgmt faults

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

  • Unreachable code
  • Unconditional branches into loops

• Interface faults

  • Parameter type mismatches
  • Parameter number mismatches
  • Function return values unused
  • Uncalled functions and procedures

• Storage mgmt faults

  • Unassigned pointers

What kinds of faults can be detected by static analysis?

• Data faults

  • Variables used before initialization
  • Variables declared but never used
  • Variables assigned twice but never used between assignments
  • Possible array bounds violations
  • Undeclared variables

• Control faults

  • Unreachable code
  • Unconditional branches into loops

• Interface faults

  • Parameter type mismatches
  • Parameter number mismatches
  • Function return values unused
  • Uncalled functions and procedures

• Storage mgmt faults

  • Unassigned pointers
  • Pointer arithmetic

• Software development process based on:

• Software development process based on:
  • Incremental development

• Software development process based on:
  • Incremental development
  • Formal specification.

• Software development process based on:
  • Incremental development
  • Formal specification.
  • Static verification using correctness arguments

• Software development process based on:
  • Incremental development
  • Formal specification.
  • Static verification using correctness arguments
  • Statistical testing to determine program reliability.

• Software development process based on:
  • Incremental development
  • Formal specification.
  • Static verification using correctness arguments
  • Statistical testing to determine program reliability.
• Testing is actually forbidden!

• Software development process based on:
  • Incremental development
  • Formal specification.
  • Static verification using correctness arguments
  • Statistical testing to determine program reliability.
• Testing is actually forbidden!
  • Code generation is suppressed.

2.4 Cleanroom software development

The name is derived from the ‘Cleanroom’ process in semiconductor fabrication. The philosophy is defect avoidance rather than defect removal.

• Software development process based on:
  • Incremental development
  • Formal specification.
  • Static verification using correctness arguments
  • Statistical testing to determine program reliability.
• Testing is actually forbidden!
  • Code generation is suppressed.
  • Compilers used for syntax/semantic checking only.

Specification team.

Responsible for developing and maintaining the system specification

Development team.

Responsible for developing and verifying the software. The software is NOT executed during this process

Certification team.

Responsible for developing a set of statistical tests to exercise the software after development.

Reliability growth models used to determine when reliability is acceptable